This is the simplest approach but can require more long-term administrative effort. Every time you create a new user account, you will need to create the user in two locations: on-premises and in Office 365. Name and password changes will require editing the accounts in both locations.

Synchronize on-premises directory objects with Office 365

Active Directory synchronization (also referred to as DirSync) sets up a one-way synchronization relationship between your on-premises Active Directory server and Office 365. You get the benefit of easing the burden of maintaining user accounts without significantly adding to your hardware and failover requirements. However, you will still need to maintain two sets of passwords for your on-premises Active Directory accounts and your Office 365 accounts.

Use Active Directory Federation Services (AD FS) to manage users

This approach requires careful planning for redundancy and failover and requires the most expertise and effort to deploy.

In this approach, users in your organization can use their corporate credentials to access the Office 365 services that your company subscribes to, such as Microsoft Dynamics CRM Online. Users sign in once and don’t have to sign in again to access a different service. There’s a single password to manage.

Which method you choose depends largely on the size of your company and the depth and breadth of your IT resources.

Review the following resources to equip you to make the right decision for your company:

If you’ve deployed synchronization with single sign-on (option 3 above), you can provide a URL to your users that takes advantage of your company’s Active Directory and simplifies the sign-in experience.